Ovina
HomePricingAboutContact
Legal

Privacy Policy

PRIVACY POLICY

Last Updated: March 1, 2026

This Privacy Policy ("Policy") explains how Batuhan Yılmaz (operating as Ovina) ("Ovina", "we", "us", or "our") collects, uses, shares, and protects personal data when you access or use https://app.ovina.ai/ and related services (the "Service").

Controller. For the purposes of applicable data protection laws (including the Turkish Personal Data Protection Law No. 6698 ("KVKK") and, where applicable, the EU/UK General Data Protection Regulation ("GDPR")), Batuhan Yılmaz (operating as Ovina) is the data controller for personal data processed via the Service.

Contact.

  • Email: info@ovina.ai
  • Address: Çankaya/Ankara

1. Scope

This Policy applies to personal data we process about:

  • website visitors,
  • registered users,
  • customers (including subscription/package purchasers), and
  • support contacts.

This Policy does not cover third-party sites, services, or providers you may access via links on our Service.

2. What We Collect

2.1 Information you provide

  • Account Information: email address, password (stored in hashed form), and basic account settings.
  • Third-Party Authentication (Social Login): If you choose to register or log in using a third-party account (e.g., Google, Apple, GitHub), we may receive certain profile information from that provider, such as your name, email address, and profile picture, in accordance with their privacy policies.
  • Support Communications: messages you send to support and any information you choose to provide.
  • AI Generation Data (Inputs & Outputs): prompts, parameters, and any files you upload for generation; the resulting outputs and generation history.

2.2 Payments (Merchant of Record)

We use a Merchant of Record (MoR) (e.g., Paddle) to process purchases, subscriptions, taxes, and billing. We do notstore full payment card details.

We may receive and store limited purchase-related information such as:

  • purchase and transaction identifiers,
  • subscription status (active/canceled),
  • purchase timestamps,
  • country/region (for tax purposes), and
  • refund/chargeback status.

2.3 Automatically collected information

When you use the Service, we may automatically collect:

  • IP address (and approximate location derived from IP),
  • device and browser details,
  • operating system,
  • referring/exit pages,
  • usage and event logs (e.g., feature usage, timestamps),
  • cookies or similar identifiers.

3. How We Use Personal Data

We use personal data to:

  1. Provide the Service (account creation, authentication, generation requests, output delivery).
  2. Operate the credit system (credit allocation, deduction, and usage history).
  3. Manage subscriptions and purchases (through MoR signals such as payment success/failure and subscription status).
  4. Customer support (respond to requests, troubleshoot issues).
  5. Safety, security, and fraud prevention (detect abuse, enforce policies, prevent chargebacks and unauthorized access).
  6. Improve the Service (analytics, debugging, performance monitoring).
  7. Legal and compliance (comply with applicable laws, tax/accounting obligations, and lawful requests).

Marketing communications. Where permitted by applicable law and based on your consent or other lawful basis, we may send you promotional emails about new features or offers. You can opt out at any time by clicking the “unsubscribe” link in the emails or by updating your account settings (where available).

4. Legal Bases (GDPR/UK GDPR)

Where GDPR/UK GDPR applies, we process personal data under one or more of the following legal bases:

  • Contract: to provide the Service you request and manage your account/subscription.
  • Legitimate interests: to secure and improve the Service, prevent fraud, and maintain service quality.
  • Legal obligation: to comply with tax, accounting, and legal requirements.
  • Consent: for certain cookies/marketing communications where required.

Where KVKK applies, we process personal data in accordance with KVKK and applicable exemptions (including processing necessary for the establishment or performance of a contract, legal obligations, and legitimate interests), and we obtain explicit consent where legally required.

5. How We Share Personal Data

We do not sell your personal data.

We may share personal data with:

5.1 Merchant of Record (Payments)

We share necessary information with the MoR to facilitate purchases, subscriptions, billing, and tax handling. Payment information is processed under the MoR’s privacy policy.

5.2 AI Infrastructure & Model Providers

To generate content you request, we transmit your Inputs (prompts/files/parameters) to third-party AI providers (e.g., Fal AI and associated model/API providers). These providers process Inputs to produce Outputs and return them to our Service.

Important note on retention: Third-party providers may apply their own retention and logging policies. We encourage you to review the privacy/terms documentation of relevant providers.

5.3 Hosting, analytics, and operational vendors

We may use third-party vendors for hosting, storage, logging, analytics, and customer support. They are permitted to process personal data only to provide services to us, under appropriate contractual protections.

5.4 Legal disclosures

We may disclose personal data if required to comply with law, legal process, or lawful governmental requests; to protect rights and safety; or to investigate fraud or security issues.

6. International Data Transfers

We may process and store personal data in Türkiye and/or other countries where we or our service providers operate.

Where GDPR applies and personal data is transferred outside the EEA/UK, we use appropriate safeguards (such as Standard Contractual Clauses or other lawful transfer mechanisms) where required.

7. Data Retention

We retain personal data for as long as necessary to provide the Service and fulfill the purposes described in this Policy.

7.1 Account & billing records

We retain certain account and transaction records as required for legitimate business purposes and legal/tax obligations.

7.2 Inputs & Outputs (User-controlled deletion)

  • Outputs and generation history are stored until you delete them from your account.
  • If you request account deletion, we will delete or anonymize personal data from active systems within a reasonable period, subject to legal/operational requirements.
  • Residual copies may persist temporarily in backups or logs for security, compliance, and disaster recovery.

7.3 Inactive accounts

We may terminate accounts that have been inactive for an extended period (e.g., 12 consecutive months) after providing reasonable notice via email. Following termination, we may delete or anonymize associated data subject to legal/operational requirements.

8. Security

We implement appropriate technical and organizational measures designed to protect personal data (e.g., encryption in transit, access controls, least-privilege access, and monitoring).

No method of transmission or storage is 100% secure. You are responsible for keeping your account credentials confidential.

9. Cookies and Similar Technologies

We may use cookies and similar technologies for:

  • authentication and session management,
  • security,
  • analytics and performance,
  • preferences.

Where required by law, we will request your consent for non-essential cookies.

10. Your Rights

Depending on your location and applicable law, you may have rights including:

  • access to your personal data,
  • correction/rectification,
  • deletion/erasure,
  • restriction of processing,
  • objection to processing,
  • data portability,
  • withdrawal of consent (where processing is based on consent).

To exercise your rights, contact us at info@ovina.ai. We may need to verify your identity.

Complaints. Where applicable, you may also lodge a complaint with your local data protection authority.

11. Children’s Privacy

The Service is intended for users who are at least 18 years old. We do not knowingly collect personal data from individuals under 18. If we learn we have collected such data, we will take steps to delete it and disable the account.

12. Automated Decision-Making

We may use automated systems to:

  • allocate/deduct credits based on usage,
  • detect fraud/abuse,
  • enforce rate limits or safety controls.

We do not use automated decision-making that produces legal or similarly significant effects solely by automated means, except as permitted by law and necessary to provide and secure the Service.

13. Beta Service

The Service is currently offered as a beta release. During beta, we may change features, logs, and telemetry practices as needed to improve stability and safety. We will update this Policy when material changes occur.

14. Changes to This Policy

We may update this Policy from time to time. The “Last Updated” date will reflect the latest version. Material changes may be communicated via the Service or email.

15. Contact

If you have questions or requests regarding this Policy:

  • Email: info@ovina.ai
  • Business Name: Batuhan Yılmaz (operating as Ovina)
  • Address: Çankaya/Ankara